EKU inadvertently posts sensitive info online

Sensitive information about Eastern Kentucky University faculty, staff and student workers was inadvertently posted to the internet last September and remained there for a year.

How many victims? 5,054.

What type of personal information? Names and Social Security numbers.

What happened? The file was inadvertently posted on Sept. 29, 2008 by an EKU staff member who was responsible for collecting data. The person violated EKU's information security policies, which state that unencrypted confidential personal data must not be stored on a computer that is not in a physically secured location. The file was discovered by an EKU employee who was conducting a Google search, and was taken down on Sept. 18, 2009.

Details: The file contained information about individuals on EKU's payroll during the 2007 to 2008 academic year.

What was the response? Letters were sent to affected individuals. A webpage and hotline were established to provide information about the breach. In addition, EKU is taking on a data inventory initiative and conducting a review of policies and practices regarding the security of confidential data.

Senior Reporter Angela Moscaritolo writes daily IT security news and feature stories for SC Magazine's website and print edition. Prior to coming on board as a reporter at SC Magazine in September 2008, Angela worked at newspapers in Pennsylvania, West Virginia, and New Jersey. She worked at The Northern Valley Suburbanite in New Jersey, The Dominion Post in West Virginia, and the Uniontown-Herald Standard in Pennsylvania. Reporting for newspapers, she primarily covered city government, school boards, and local breaking news. She is a West Virginia University Perely Isaac Reed School of Journalism graduate.

Get SC Media delivered to your inbox

Whitepaper of the Day

Newswire

Buzz

I would like to receive relevant information via email from Haymarket Media.

SC Media arms cybersecurity professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.